An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there. (CVE-2015-8539, Important)

* It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. (CVE-2017-15649, Important)

* A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS. (CVE-2017-7472, Moderate)

Red Hat would like to thank Dmitry Vyukov of Google engineering for reporting CVE-2015-8539.

Bug Fix(es):

* The mlx5 driver has a number of configuration options, including the selective support for network protocols such as InfiniBand and Ethernet. Due to a regression in the configuration of the MRG-RT kernel, the Ethernet mode of the driver was turned off. The regression has been resolved by enabling the mlx5 Ethernet mode, so the Ethernet protocol works again. (BZ#1422778)

* The migrate_disable/enable() kernel operations are used to pin a thread to a CPU temporarily. This method is kernel-rt specific. To keep RHEL-RT's kernel up to date with the latest real-time kernel, the migrate_disable/enable routine was updated to the version present in kernel v4.9-rt. However, this version proved to be problematic. The changes in migrate_disable/enable have thus been reverted to a stable version, avoiding the kernel BUG. (BZ#1507831)

* The kernel-rt packages have been upgraded to version 3.10.0-693.15.1.rt56.601, which provides a number of security and bug fixes over the previous version. (BZ#1519504)
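A defender-side check, added here and not part of the Red Hat advisory: a POSIX shell script that decides whether a kernel-rt release string already carries the fixed build 3.10.0-693.15.1.rt56.601 named above. The ".el6rt.x86_64" release-string tail, the sample release strings and the field-by-field comparison are assumptions of this example, not text from the advisory.

```shell
#!/bin/sh
# Added example, not part of the advisory: report whether a kernel-rt release
# string is at or above the fixed build named in this advisory.
# Assumes RHEL-style release strings such as 3.10.0-693.15.1.rt56.601.el6rt.x86_64
# (the ".el6rt.x86_64" tail is a constructed example, not quoted from the page).
FIXED_KERNEL_RT="3.10.0-693.15.1.rt56.601"

# Turn "3.10.0-693.15.1.rt56.601" into "3.10.0.693.15.1.rt.56.601": dashes
# become dots and tokens like "rt56" are split, so every field is either
# all digits or all letters.
normalize() {
    printf '%s' "$1" | sed -e 's/-/./g' \
        -e 's/\([0-9]\)\([a-zA-Z]\)/\1.\2/g' \
        -e 's/\([a-zA-Z]\)\([0-9]\)/\1.\2/g'
}

# field STRING N: the N-th dot-separated field, empty when N is past the end.
field() { printf '%s\n' "$1" | cut -d. -f"$2"; }

# version_ge HAVE WANT: exit 0 when HAVE is the same as or newer than WANT.
# Digit fields compare as integers, letter fields as strings (expr does both).
version_ge() {
    have=$(normalize "$1"); want=$(normalize "$2"); i=1
    while :; do
        x=$(field "$have" "$i"); y=$(field "$want" "$i")
        if [ -z "$x" ] && [ -z "$y" ]; then return 0; fi   # every field matched
        if [ -z "$x" ]; then return 1; fi                   # HAVE ran out: older
        if [ -z "$y" ]; then return 0; fi                   # WANT ran out: newer
        if ! expr "$x" = "$y" >/dev/null; then
            expr "$x" \> "$y" >/dev/null && return 0
            return 1
        fi
        i=$((i + 1))
    done
}

# kernel_rt_fixed RELEASE: drop the distribution/arch tail (".el6rt.x86_64")
# and compare what is left with the fixed build. Exit 0 when the fix is
# present, 1 when the kernel is older and the update still needs applying.
kernel_rt_fixed() {
    rel=$(printf '%s' "$1" | sed 's/\.el[0-9].*$//')
    version_ge "$rel" "$FIXED_KERNEL_RT"
}

# Usage: check.sh [RELEASE]; defaults to the running kernel's release string.
release=${1:-$(uname -r)}
if kernel_rt_fixed "$release"; then
    echo "$release: contains kernel-rt $FIXED_KERNEL_RT"
else
    echo "$release: OLDER than kernel-rt $FIXED_KERNEL_RT, apply the update"
fi
```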

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: